RSS
 

Hackvent 2019: Hidden 3

13 Dec 2019
CTF: Hackvent 2019
Link to challenge: https://academy.hacking-lab.com
Date Completed: 6 December 2019

 

Challenge

HV19.H1 Hidden Three

Solution

During the Day 11 challenge HV19.11 Frolicsome Santa Jokes API, we decide to do some novice penetration testing on the server whale.hacking-lab.com.

We attempt many things including a port scan with nmap with default settings:

We find some open ports:

Port 17 seems very interesting as it is an uncommon port. We do some research and discover it belongs to the Quote of the Day protocol.

We try to get the quote of the day using this command:

Unfortunately, this spits out a single character r which did not make much sense. However, recall the clue that Not each quote is compl. Thus we have to wait until a new letter is given to us! As it turns out a new letter which belongs to the final flag is given to us every hour. As a result, we write a little cron job which logs the date and QOTD result every 15 minutes (to be safe) and decide to check back on it later.

Cron job:

After waiting a full day and checking back our log file looks like this:

Putting all this together gives us our flag!

Flag:  HV19{an0ther_DAILY_fl4g}

 
No Comments

Posted in Hackvent 2019

 

Leave a Reply